1*4724848cSchristos=pod 2*4724848cSchristos 3*4724848cSchristos=head1 NAME 4*4724848cSchristos 5*4724848cSchristosEC_POINT_set_Jprojective_coordinates_GFp, 6*4724848cSchristosEC_POINT_point2buf, 7*4724848cSchristosEC_POINT_new, 8*4724848cSchristosEC_POINT_free, 9*4724848cSchristosEC_POINT_clear_free, 10*4724848cSchristosEC_POINT_copy, 11*4724848cSchristosEC_POINT_dup, 12*4724848cSchristosEC_POINT_method_of, 13*4724848cSchristosEC_POINT_set_to_infinity, 14*4724848cSchristosEC_POINT_get_Jprojective_coordinates_GFp, 15*4724848cSchristosEC_POINT_set_affine_coordinates, 16*4724848cSchristosEC_POINT_get_affine_coordinates, 17*4724848cSchristosEC_POINT_set_compressed_coordinates, 18*4724848cSchristosEC_POINT_set_affine_coordinates_GFp, 19*4724848cSchristosEC_POINT_get_affine_coordinates_GFp, 20*4724848cSchristosEC_POINT_set_compressed_coordinates_GFp, 21*4724848cSchristosEC_POINT_set_affine_coordinates_GF2m, 22*4724848cSchristosEC_POINT_get_affine_coordinates_GF2m, 23*4724848cSchristosEC_POINT_set_compressed_coordinates_GF2m, 24*4724848cSchristosEC_POINT_point2oct, 25*4724848cSchristosEC_POINT_oct2point, 26*4724848cSchristosEC_POINT_point2bn, 27*4724848cSchristosEC_POINT_bn2point, 28*4724848cSchristosEC_POINT_point2hex, 29*4724848cSchristosEC_POINT_hex2point 30*4724848cSchristos- Functions for creating, destroying and manipulating EC_POINT objects 31*4724848cSchristos 32*4724848cSchristos=head1 SYNOPSIS 33*4724848cSchristos 34*4724848cSchristos #include <openssl/ec.h> 35*4724848cSchristos 36*4724848cSchristos EC_POINT *EC_POINT_new(const EC_GROUP *group); 37*4724848cSchristos void EC_POINT_free(EC_POINT *point); 38*4724848cSchristos void EC_POINT_clear_free(EC_POINT *point); 39*4724848cSchristos int EC_POINT_copy(EC_POINT *dst, const EC_POINT *src); 40*4724848cSchristos EC_POINT *EC_POINT_dup(const EC_POINT *src, const EC_GROUP *group); 41*4724848cSchristos const EC_METHOD *EC_POINT_method_of(const EC_POINT *point); 42*4724848cSchristos int EC_POINT_set_to_infinity(const EC_GROUP *group, EC_POINT *point); 43*4724848cSchristos int EC_POINT_set_Jprojective_coordinates_GFp(const EC_GROUP *group, 44*4724848cSchristos EC_POINT *p, 45*4724848cSchristos const BIGNUM *x, const BIGNUM *y, 46*4724848cSchristos const BIGNUM *z, BN_CTX *ctx); 47*4724848cSchristos int EC_POINT_get_Jprojective_coordinates_GFp(const EC_GROUP *group, 48*4724848cSchristos const EC_POINT *p, 49*4724848cSchristos BIGNUM *x, BIGNUM *y, BIGNUM *z, 50*4724848cSchristos BN_CTX *ctx); 51*4724848cSchristos int EC_POINT_set_affine_coordinates(const EC_GROUP *group, EC_POINT *p, 52*4724848cSchristos const BIGNUM *x, const BIGNUM *y, 53*4724848cSchristos BN_CTX *ctx); 54*4724848cSchristos int EC_POINT_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *p, 55*4724848cSchristos BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 56*4724848cSchristos int EC_POINT_set_compressed_coordinates(const EC_GROUP *group, EC_POINT *p, 57*4724848cSchristos const BIGNUM *x, int y_bit, 58*4724848cSchristos BN_CTX *ctx); 59*4724848cSchristos int EC_POINT_set_affine_coordinates_GFp(const EC_GROUP *group, EC_POINT *p, 60*4724848cSchristos const BIGNUM *x, const BIGNUM *y, 61*4724848cSchristos BN_CTX *ctx); 62*4724848cSchristos int EC_POINT_get_affine_coordinates_GFp(const EC_GROUP *group, 63*4724848cSchristos const EC_POINT *p, 64*4724848cSchristos BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 65*4724848cSchristos int EC_POINT_set_compressed_coordinates_GFp(const EC_GROUP *group, 66*4724848cSchristos EC_POINT *p, 67*4724848cSchristos const BIGNUM *x, int y_bit, 68*4724848cSchristos BN_CTX *ctx); 69*4724848cSchristos int EC_POINT_set_affine_coordinates_GF2m(const EC_GROUP *group, EC_POINT *p, 70*4724848cSchristos const BIGNUM *x, const BIGNUM *y, 71*4724848cSchristos BN_CTX *ctx); 72*4724848cSchristos int EC_POINT_get_affine_coordinates_GF2m(const EC_GROUP *group, 73*4724848cSchristos const EC_POINT *p, 74*4724848cSchristos BIGNUM *x, BIGNUM *y, BN_CTX *ctx); 75*4724848cSchristos int EC_POINT_set_compressed_coordinates_GF2m(const EC_GROUP *group, 76*4724848cSchristos EC_POINT *p, 77*4724848cSchristos const BIGNUM *x, int y_bit, 78*4724848cSchristos BN_CTX *ctx); 79*4724848cSchristos size_t EC_POINT_point2oct(const EC_GROUP *group, const EC_POINT *p, 80*4724848cSchristos point_conversion_form_t form, 81*4724848cSchristos unsigned char *buf, size_t len, BN_CTX *ctx); 82*4724848cSchristos size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, 83*4724848cSchristos point_conversion_form_t form, 84*4724848cSchristos unsigned char **pbuf, BN_CTX *ctx); 85*4724848cSchristos int EC_POINT_oct2point(const EC_GROUP *group, EC_POINT *p, 86*4724848cSchristos const unsigned char *buf, size_t len, BN_CTX *ctx); 87*4724848cSchristos BIGNUM *EC_POINT_point2bn(const EC_GROUP *group, const EC_POINT *p, 88*4724848cSchristos point_conversion_form_t form, BIGNUM *bn, 89*4724848cSchristos BN_CTX *ctx); 90*4724848cSchristos EC_POINT *EC_POINT_bn2point(const EC_GROUP *group, const BIGNUM *bn, 91*4724848cSchristos EC_POINT *p, BN_CTX *ctx); 92*4724848cSchristos char *EC_POINT_point2hex(const EC_GROUP *group, const EC_POINT *p, 93*4724848cSchristos point_conversion_form_t form, BN_CTX *ctx); 94*4724848cSchristos EC_POINT *EC_POINT_hex2point(const EC_GROUP *group, const char *hex, 95*4724848cSchristos EC_POINT *p, BN_CTX *ctx); 96*4724848cSchristos 97*4724848cSchristos 98*4724848cSchristos=head1 DESCRIPTION 99*4724848cSchristos 100*4724848cSchristosAn B<EC_POINT> structure represents a point on a curve. A new point is 101*4724848cSchristosconstructed by calling the function EC_POINT_new() and providing the 102*4724848cSchristosB<group> object that the point relates to. 103*4724848cSchristos 104*4724848cSchristosEC_POINT_free() frees the memory associated with the B<EC_POINT>. 105*4724848cSchristosif B<point> is NULL nothing is done. 106*4724848cSchristos 107*4724848cSchristosEC_POINT_clear_free() destroys any sensitive data held within the EC_POINT and 108*4724848cSchristosthen frees its memory. If B<point> is NULL nothing is done. 109*4724848cSchristos 110*4724848cSchristosEC_POINT_copy() copies the point B<src> into B<dst>. Both B<src> and B<dst> 111*4724848cSchristosmust use the same B<EC_METHOD>. 112*4724848cSchristos 113*4724848cSchristosEC_POINT_dup() creates a new B<EC_POINT> object and copies the content from 114*4724848cSchristosB<src> to the newly created B<EC_POINT> object. 115*4724848cSchristos 116*4724848cSchristosEC_POINT_method_of() obtains the B<EC_METHOD> associated with B<point>. 117*4724848cSchristos 118*4724848cSchristosA valid point on a curve is the special point at infinity. A point is set to 119*4724848cSchristosbe at infinity by calling EC_POINT_set_to_infinity(). 120*4724848cSchristos 121*4724848cSchristosThe affine co-ordinates for a point describe a point in terms of its x and y 122*4724848cSchristosposition. The function EC_POINT_set_affine_coordinates() sets the B<x> and B<y> 123*4724848cSchristosco-ordinates for the point B<p> defined over the curve given in B<group>. The 124*4724848cSchristosfunction EC_POINT_get_affine_coordinates() sets B<x> and B<y>, either of which 125*4724848cSchristosmay be NULL, to the corresponding coordinates of B<p>. 126*4724848cSchristos 127*4724848cSchristosThe functions EC_POINT_set_affine_coordinates_GFp() and 128*4724848cSchristosEC_POINT_set_affine_coordinates_GF2m() are synonyms for 129*4724848cSchristosEC_POINT_set_affine_coordinates(). They are defined for backwards compatibility 130*4724848cSchristosonly and should not be used. 131*4724848cSchristos 132*4724848cSchristosThe functions EC_POINT_get_affine_coordinates_GFp() and 133*4724848cSchristosEC_POINT_get_affine_coordinates_GF2m() are synonyms for 134*4724848cSchristosEC_POINT_get_affine_coordinates(). They are defined for backwards compatibility 135*4724848cSchristosonly and should not be used. 136*4724848cSchristos 137*4724848cSchristosAs well as the affine co-ordinates, a point can alternatively be described in 138*4724848cSchristosterms of its Jacobian projective co-ordinates (for Fp curves only). Jacobian 139*4724848cSchristosprojective co-ordinates are expressed as three values x, y and z. Working in 140*4724848cSchristosthis co-ordinate system provides more efficient point multiplication 141*4724848cSchristosoperations. A mapping exists between Jacobian projective co-ordinates and 142*4724848cSchristosaffine co-ordinates. A Jacobian projective co-ordinate (x, y, z) can be written 143*4724848cSchristosas an affine co-ordinate as (x/(z^2), y/(z^3)). Conversion to Jacobian 144*4724848cSchristosprojective from affine co-ordinates is simple. The co-ordinate (x, y) is mapped 145*4724848cSchristosto (x, y, 1). To set or get the projective co-ordinates use 146*4724848cSchristosEC_POINT_set_Jprojective_coordinates_GFp() and 147*4724848cSchristosEC_POINT_get_Jprojective_coordinates_GFp() respectively. 148*4724848cSchristos 149*4724848cSchristosPoints can also be described in terms of their compressed co-ordinates. For a 150*4724848cSchristospoint (x, y), for any given value for x such that the point is on the curve 151*4724848cSchristosthere will only ever be two possible values for y. Therefore, a point can be set 152*4724848cSchristosusing the EC_POINT_set_compressed_coordinates() function where B<x> is the x 153*4724848cSchristosco-ordinate and B<y_bit> is a value 0 or 1 to identify which of the two 154*4724848cSchristospossible values for y should be used. 155*4724848cSchristos 156*4724848cSchristosThe functions EC_POINT_set_compressed_coordinates_GFp() and 157*4724848cSchristosEC_POINT_set_compressed_coordinates_GF2m() are synonyms for 158*4724848cSchristosEC_POINT_set_compressed_coordinates(). They are defined for backwards 159*4724848cSchristoscompatibility only and should not be used. 160*4724848cSchristos 161*4724848cSchristosIn addition B<EC_POINT> can be converted to and from various external 162*4724848cSchristosrepresentations. The octet form is the binary encoding of the B<ECPoint> 163*4724848cSchristosstructure (as defined in RFC5480 and used in certificates and TLS records): 164*4724848cSchristosonly the content octets are present, the B<OCTET STRING> tag and length are 165*4724848cSchristosnot included. B<BIGNUM> form is the octet form interpreted as a big endian 166*4724848cSchristosinteger converted to a B<BIGNUM> structure. Hexadecimal form is the octet 167*4724848cSchristosform converted to a NULL terminated character string where each character 168*4724848cSchristosis one of the printable values 0-9 or A-F (or a-f). 169*4724848cSchristos 170*4724848cSchristosThe functions EC_POINT_point2oct(), EC_POINT_oct2point(), EC_POINT_point2bn(), 171*4724848cSchristosEC_POINT_bn2point(), EC_POINT_point2hex() and EC_POINT_hex2point() convert from 172*4724848cSchristosand to EC_POINTs for the formats: octet, BIGNUM and hexadecimal respectively. 173*4724848cSchristos 174*4724848cSchristosThe function EC_POINT_point2oct() encodes the given curve point B<p> as an 175*4724848cSchristosoctet string into the buffer B<buf> of size B<len>, using the specified 176*4724848cSchristosconversion form B<form>. 177*4724848cSchristosThe encoding conforms with Sec. 2.3.3 of the SECG SEC 1 ("Elliptic Curve 178*4724848cSchristosCryptography") standard. 179*4724848cSchristosSimilarly the function EC_POINT_oct2point() decodes a curve point into B<p> from 180*4724848cSchristosthe octet string contained in the given buffer B<buf> of size B<len>, conforming 181*4724848cSchristosto Sec. 2.3.4 of the SECG SEC 1 ("Elliptic Curve Cryptography") standard. 182*4724848cSchristos 183*4724848cSchristosThe functions EC_POINT_point2hex() and EC_POINT_point2bn() convert a point B<p>, 184*4724848cSchristosrespectively, to the hexadecimal or BIGNUM representation of the same 185*4724848cSchristosencoding of the function EC_POINT_point2oct(). 186*4724848cSchristosVice versa, similarly to the function EC_POINT_oct2point(), the functions 187*4724848cSchristosEC_POINT_hex2point() and EC_POINT_point2bn() decode the hexadecimal or 188*4724848cSchristosBIGNUM representation into the EC_POINT B<p>. 189*4724848cSchristos 190*4724848cSchristosNotice that, according to the standard, the octet string encoding of the point 191*4724848cSchristosat infinity for a given curve is fixed to a single octet of value zero and that, 192*4724848cSchristosvice versa, a single octet of size zero is decoded as the point at infinity. 193*4724848cSchristos 194*4724848cSchristosThe function EC_POINT_point2oct() must be supplied with a buffer long enough to 195*4724848cSchristosstore the octet form. The return value provides the number of octets stored. 196*4724848cSchristosCalling the function with a NULL buffer will not perform the conversion but 197*4724848cSchristoswill still return the required buffer length. 198*4724848cSchristos 199*4724848cSchristosThe function EC_POINT_point2buf() allocates a buffer of suitable length and 200*4724848cSchristoswrites an EC_POINT to it in octet format. The allocated buffer is written to 201*4724848cSchristosB<*pbuf> and its length is returned. The caller must free up the allocated 202*4724848cSchristosbuffer with a call to OPENSSL_free(). Since the allocated buffer value is 203*4724848cSchristoswritten to B<*pbuf> the B<pbuf> parameter B<MUST NOT> be B<NULL>. 204*4724848cSchristos 205*4724848cSchristosThe function EC_POINT_point2hex() will allocate sufficient memory to store the 206*4724848cSchristoshexadecimal string. It is the caller's responsibility to free this memory with 207*4724848cSchristosa subsequent call to OPENSSL_free(). 208*4724848cSchristos 209*4724848cSchristos=head1 RETURN VALUES 210*4724848cSchristos 211*4724848cSchristosEC_POINT_new() and EC_POINT_dup() return the newly allocated EC_POINT or NULL 212*4724848cSchristoson error. 213*4724848cSchristos 214*4724848cSchristosThe following functions return 1 on success or 0 on error: EC_POINT_copy(), 215*4724848cSchristosEC_POINT_set_to_infinity(), EC_POINT_set_Jprojective_coordinates_GFp(), 216*4724848cSchristosEC_POINT_get_Jprojective_coordinates_GFp(), 217*4724848cSchristosEC_POINT_set_affine_coordinates_GFp(), EC_POINT_get_affine_coordinates_GFp(), 218*4724848cSchristosEC_POINT_set_compressed_coordinates_GFp(), 219*4724848cSchristosEC_POINT_set_affine_coordinates_GF2m(), EC_POINT_get_affine_coordinates_GF2m(), 220*4724848cSchristosEC_POINT_set_compressed_coordinates_GF2m() and EC_POINT_oct2point(). 221*4724848cSchristos 222*4724848cSchristosEC_POINT_method_of returns the EC_METHOD associated with the supplied EC_POINT. 223*4724848cSchristos 224*4724848cSchristosEC_POINT_point2oct() and EC_POINT_point2buf() return the length of the required 225*4724848cSchristosbuffer or 0 on error. 226*4724848cSchristos 227*4724848cSchristosEC_POINT_point2bn() returns the pointer to the BIGNUM supplied, or NULL on 228*4724848cSchristoserror. 229*4724848cSchristos 230*4724848cSchristosEC_POINT_bn2point() returns the pointer to the EC_POINT supplied, or NULL on 231*4724848cSchristoserror. 232*4724848cSchristos 233*4724848cSchristosEC_POINT_point2hex() returns a pointer to the hex string, or NULL on error. 234*4724848cSchristos 235*4724848cSchristosEC_POINT_hex2point() returns the pointer to the EC_POINT supplied, or NULL on 236*4724848cSchristoserror. 237*4724848cSchristos 238*4724848cSchristos=head1 SEE ALSO 239*4724848cSchristos 240*4724848cSchristosL<crypto(7)>, L<EC_GROUP_new(3)>, L<EC_GROUP_copy(3)>, 241*4724848cSchristosL<EC_POINT_add(3)>, L<EC_KEY_new(3)>, 242*4724848cSchristosL<EC_GFp_simple_method(3)>, L<d2i_ECPKParameters(3)> 243*4724848cSchristos 244*4724848cSchristos=head1 COPYRIGHT 245*4724848cSchristos 246*4724848cSchristosCopyright 2013-2020 The OpenSSL Project Authors. All Rights Reserved. 247*4724848cSchristos 248*4724848cSchristosLicensed under the OpenSSL license (the "License"). You may not use 249*4724848cSchristosthis file except in compliance with the License. You can obtain a copy 250*4724848cSchristosin the file LICENSE in the source distribution or at 251*4724848cSchristosL<https://www.openssl.org/source/license.html>. 252*4724848cSchristos 253*4724848cSchristos=cut 254